That’s why we have the concept of Webs of Trust (sometimes called circles of trust). http://en.wikipedia.org/wiki/Web_of_trust
If you trust the people that trust the person who signed that package, then you can feel pretty comfortable that you are getting what you expect. If you don’t, then don’t install it.
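The decision described above, sketched as an added example that is not part of the original comment. It generalizes to the threshold rule used by GnuPG's classic trust model (one fully trusted or three marginally trusted signers, chains up to five deep, taken from GnuPG's documented defaults); all key names and trust assignments are constructed, and the depth handling is simplified.

```python
# Added illustration: simplified web-of-trust validity check.
# Thresholds mirror GnuPG's documented defaults; all key names are constructed.
COMPLETES_NEEDED = 1   # signatures needed from fully trusted keys
MARGINALS_NEEDED = 3   # signatures needed from marginally trusted keys
MAX_CERT_DEPTH = 5     # longest certification chain accepted

def valid_keys(my_key, certs, ownertrust):
    """Return {key: depth} for each key reachable through trusted signers.

    certs:      {signer: set of keys that signer has certified}
    ownertrust: {key: "full" | "marginal"}: how much I trust that key's
                owner to check identities before signing someone else's key.
    """
    valid = {my_key: 0}
    for depth in range(1, MAX_CERT_DEPTH + 1):
        full, marginal = {}, {}
        for signer in valid:
            # A signature counts only if the signer's key is itself valid
            # AND I have assigned its owner some trust.
            level = "full" if signer == my_key else ownertrust.get(signer)
            tally = {"full": full, "marginal": marginal}.get(level)
            if tally is None:
                continue
            for target in certs.get(signer, ()):
                tally[target] = tally.get(target, 0) + 1
        newly = {k for k in full.keys() | marginal.keys() if k not in valid
                 and (full.get(k, 0) >= COMPLETES_NEEDED
                      or marginal.get(k, 0) >= MARGINALS_NEEDED)}
        if not newly:
            break
        valid.update(dict.fromkeys(newly, depth))
    return valid

def should_install(package_signer, my_key, certs, ownertrust):
    """Install only if the package signer's key is valid in my web of trust."""
    return package_signer in valid_keys(my_key, certs, ownertrust)

# Constructed sample web: I signed four friends' keys myself.
CERTS = {
    "me": {"alice", "bob", "carol", "dave"},
    "alice": {"pkg-maintainer"},        # one fully trusted signer: enough
    "bob": {"other-dev"}, "carol": {"other-dev"},  # two marginals: not enough
    "mallory": {"rogue-signer"},        # nobody I trust certified mallory
}
OWNERTRUST = {"alice": "full", "bob": "marginal", "carol": "marginal",
              "dave": "marginal", "mallory": "full"}

if __name__ == "__main__":
    for signer in ("pkg-maintainer", "other-dev", "rogue-signer"):
        print(signer, should_install(signer, "me", CERTS, OWNERTRUST))
```

Note that `mallory` carries an owner-trust value but her key was never certified by anyone in the web, so her signature on `rogue-signer` counts for nothing.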